UniCredit Hacked: 400,000 Accounts Compromised, Data Exposed

UniCredit reported more than 400,000 accounts were hacked and personal data was exposed. Photo: Unicreditbg/Wikimedia Commons

UniCredit, a global bank and financial services firm based in Italy, reported a series of data breaches carried out by hackers that may affect nearly a half-million of the company’s customers, Bloomberg reported.

The hacks reportedly took place earlier this year and late last year. The hackers are believed to have gained access to customer data related to personal loans, along with other identifying information.

Hackers gained unauthorized access to UniCredit’s systems on several occasions, including incidents in September and October 2016 and June and July of this year. The most recent attacks were detected earlier this week, which led to previous breaches being discovered.

More than 400,000 UniCredit customers have been affected by the breach. Customer data including biographical information, loan details and International Bank Account (IBAN) numbers have been exposed and stolen by the hackers.

Daniele Tonella, CEO of UniCredit Business Integrated Solutions, told Bloomberg the breach involved customers with financing and consumer-credit loans. Tonella held that no “material damages” happened as a result of the breach, as no passwords were stolen and no unauthorized transactions were completed.

It is believed that access to the accounts was gained through a third-party provider that had access to the banking data. The third party is based in Italy, though UniCredit has chosen not to identify the partner company for the time being, but did note that access has been cut off and the company’s systems have been updated to improve its defenses.

Milan prosecutors have already launched an investigation into the UniCredit hack, according to Reuters. The bank has already begun an internal audit in response to the situation and will report its findings to the prosecutor.

UniCredit, which operates more than 8,500 branches in 50 markets in 17 countries and employs over 147,000 people, was already investing in upgrading its computer systems and defenses prior to the breaches. The company will reportedly spend $2.7 billion on IT infrastructure as it works to improve and reinforce its systems.

While the breach of UniCredit is one of the worst yet for financial institutions in Europe, it’s not the first time the bank—which is the largest in Italy by market capitalization—has come under fire for putting its customers at risk.

In 2015, security researchers at cyber threat detection firm Cyphort discovered the Ukrainian website for UniCredit was infected with malware. The malicious software installed on the site was used to collect user information and send that data back to the attackers.

Financial institutions have been major targets of cyber attacks in recent years. Breaches run the risk of having devastating effects, not only on victims who have their data stolen but potentially on the very stability of the institutions. Were hackers ever to gain the ability to modify balances or other information, there could be wide-ranging fallout from the attack.

In an attempt to prevent the person from committing suicide, Avleen K. Mokha in her Facebook post wrote, "Don't go ahead with this tonight. There's more in life to look forward to beyond tonight. Please be there to see it."